i am in middle of a pentest for my cousins company and iam using ISSAF according to hackingdojo shodan.i've done these phases:

-Passive info gathering-network mapping:

identifying live hosts (ok)

TCP/UDP Port scanning (OK)

Banner Grabbing (OK)

P/A OS Guessing (OK)

but now i am in identifying router or firewall stage. i performed a traceroute to the target but after some hops i see all stars because those hops doesn't respond to ICMP packets. now what? how can i identify routers?? pLEaaAse help!!

Last edited by cyber.spirit on Tue Apr 23, 2013 2:25 am, edited 1 time in total.

Wait Wait Wait!!!The problem is solved i have found a 20 range of their public ip address, seven of the are up 5 of that 7 are servers with alot of same configs and 2 of that 7 are Cisco devices there is no open TCP ports on that two but nmap aggressive scanning says tat they are cisco devices

now tell me please

1- how can i find which of them is router or switch?2- how can i which network they are routing

Grendel wrote:It may not matter. The purpose of identifying the customer's routers and switches is to see if you can attack an administrative port (ssh, telnet, and/or snmp). Otherwise, just keep moving on.

BTW, we discuss that in the Nidan class.

Hi Thomas.How are you? Thanx for your help i know that, your are right and i don't know cisco hacking but i am really curious to know what those devices are i think they are routers not firewalls but why they dont have any open ports. Anyway thanks i'll go to the next stage

ajohnson wrote:Switches and routers are Layer-2 and -3 devices, respectively, and do not use TCP or UDP ports to operate. Anything at a higher level than the frame or packet is simply seen as the data payload.

Well, Well, yup that is right TCP/UDP ports are for higher levels in osi or tcp/ip models and i already know that. As i mentioned before they are using cisco stuff and It's better to configure your Cisco device to accept the ssh or at-least telnet connections for later configs because the router/switch is in server room there is so cold and it is hard to config the switch using consol cable, that is why i thought it's strange for a router. anway thanks for your info.